CSE IT aims to balance the need to provide adaptable computing systems to researchers with the need to provide a safe, secure, and functional environment that is compliant with UB's IT policies and system administration best practices.
In response to situations where it is beneficial for a research group to configure and manage their own systems, CSE has adopted a model to allow "Researcher-Managed" systems to be placed on designated networks where trusted users have administrative access to systems owned by their research group.
CSE IT-Managed systems are the core of the department's computing resources. These systems offer general computing services that are shared between students and faculty and are configured to achieve maximum accessibility and security. CSE IT staff are the only users allowed administrative access to these systems. CSE IT-Managed systems favor stable configurations that do not require frequent changes.
Researcher-Managed systems grant administrative control of the environment to a researcher and their team, allowing them to make changes to the operating system, install the latest versions of software packages, and manage user accounts. This level of control provides researchers with a platform that can be customized to their specific research goals while balancing stability and usability at a level that is appropriate to the task. Research-Managed systems can be used for development and cutting-edge software implementations.
Researchers should thoroughly read this documentation and the specified guidelines before deciding to manage their own systems. Due to security policy, a Researcher-Managed system cannot be changed to a CSE IT-Managed system without destructive procedures that include a full re-installation of the operating system.
Management and administration of computing systems is not a task to be undertaken lightly. Very real and dangerous consequences can arise if misconfigured systems become compromised and failure to adhere to system administration best practices could have a detrimental effect on the performance and stability of other systems on the network.
For these reasons, Researcher-Managed systems are placed on protected networks that limit the opportunity for abuse of other computing resources, and the responsibilities of the researcher and CSE IT staff are well-defined.
The researcher agrees to take sole responsibility for configuring and maintaining the system and ensuring that it remains in compliance with all CSE and UB IT policies. This includes, but is not limited to, responsibility for the following tasks:
Researchers are solely accountable for addressing problems on the systems they manage, for example, when:
Researchers agree to adhere to all IT policies and guidelines provided by the Department of Computer Science and Engineering and the University at Buffalo. Failure to adhere to these policies will result in the removal of the Researcher-Managed system from the network.
An overview of UBIT's policies can be accessed here:
The CSE IT staff agrees to provide the Researcher-Managed system with a connection to a protected network in compliance with UB's IT policies. Outgoing network access is generally unrestricted. Incoming access by default is limited to on-campus network connections or connections made via the UBVPN.
The logistics of supporting customized operating systems and software configurations limit the amount of help that CSE IT staff can provide for Researcher-Managed systems. CSE IT staff will support Research-Managed machines on a "best effort" basis. Researchers are welcome to ask CSE IT staff questions about their systems, but staff may not be able to help with every problem.
The CSE IT staff retains the right to disconnect Researcher Managed systems from the network, with no notice to the managing researcher, if it is deemed that the system is causing network instability, acting suspiciously, or has been compromised.
The following configurations are required for all Researcher-Managed systems. Failure to maintain these configurations will result in the removal of the Researcher-Managed system from the network.
The following guidelines should be used as a starting point for meeting the IT policies of the Department and University.